CVE-2023-37066

Name of the Vulnerable Software and Affected Versions Chamilo versions 1.11.x up to 1.11.20

Description The issue allows users with admin privilege accounts to insert XSS in the skills wheel. This can be exploited by users with administrative privileges.

Recommendations For Chamilo versions 1.11.x up to 1.11.20, consider restricting access to admin accounts to minimize the risk of exploitation until a patch is available. As a temporary workaround, monitor the skills wheel for any suspicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.